Gentoo Archives: gentoo-user

From: Stroller <stroller@××××××××××××××××××.uk>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] [footnote] The purpose of pam
Date: Wed, 27 Jan 2010 09:11:24
Message-Id: 75AE86D6-67B0-4C21-8022-0D9BF7C203C4@stellar.eclipse.co.uk
In Reply to: [gentoo-user] [footnote] The purpose of pam by walt

On 27 Jan 2010, at 00:34, walt wrote:
> ...
> After thinking awhile I realized that pam can be used to
> combine multiple forms of authentication to reduce the well
> documented risk of single-factor authentication (like our
> traditional password system).
> ...
> Any sysadmins out there that can confirm my reasoning?

I use pam_winbind at a site to enable users to log on to the Dovecot
IMAP server using their Windows domain username & password.

Once the underlying mechanism is set up it requires very little work to
enable this - for ftp authentication (restricted to localhost only,
but this allows Squirrelmail users to add a vacation message) I needed
to touch, I am sure, nothing but the /etc/pam.d/ftp file. Dovecot
requires only one or two extra lines in its config. With one
additional line in /etc/pam.d/imaps a homedir is created for the user
the first time they log into the IMAP server (pam_mkhomedir.so).

This list may not consider this such a cool use of PAM as using long
encryption keys to authenticate themselves, but I have found PAM
amazing when it all comes together so quickly. PAM seems quite
powerful & flexible, although I too seem to recall having a
frustrating experience when I encountered it, without understanding
it, years ago.

Stroller.
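
The following is an added example, not part of either poster's message: a simplified Python model of how PAM walks a service stack, showing why stacking two `required` auth modules gives the multi-factor behaviour walt asks about and where a `pam_mkhomedir.so` session line sits. The service files are constructed samples, `pam_second_factor.so` is a hypothetical module name, and only the four classic control flags are modelled.

```python
# Added illustration (not from the post): a simplified model of how PAM
# walks one stack. Only the four classic control flags are modelled;
# "include" lines and the [value=action] bracket syntax are not.

# Constructed sample in the spirit of the setup described above.
IMAPS = """\
# /etc/pam.d/imaps (constructed sample)
auth     required  pam_winbind.so
account  required  pam_winbind.so
session  required  pam_mkhomedir.so skel=/etc/skel umask=0077
"""

# Constructed two-factor stack; pam_second_factor.so is a hypothetical name.
TWO_FACTOR = """\
auth  required  pam_unix.so
auth  required  pam_second_factor.so
"""

def parse(text):
    """Return (type, control, module, args) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mtype, control, module, *args = line.split()
            rules.append((mtype, control, module, args))
    return rules

def evaluate(rules, mtype, outcomes):
    """outcomes maps module name -> True (success) or False (failure)."""
    failed = positive = False
    for rtype, control, module, _args in rules:
        if rtype != mtype:
            continue
        ok = outcomes[module]
        if control == "requisite" and not ok:
            return False                  # fail immediately
        if control == "sufficient":
            if ok and not failed:
                return True               # short-circuit success
            continue                      # failure of sufficient is ignored
        if control in ("required", "requisite"):
            failed = failed or not ok     # required: keep going, fail at end
            positive = positive or ok
        elif control == "optional":
            positive = positive or ok
        else:
            raise ValueError(f"unsupported control: {control}")
    return positive and not failed
```

Changing the first line of the two-factor sample from `required` to `sufficient` turns "both factors" into "either factor", which is the usual way a stacked configuration ends up weaker than intended.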